Contents

Encryption Support

SAVE AS PDF

Encryption Support

Use encryption contexts to allow or deny access to sensitive
data based on user role.

Encryption and decryption occur on the server, not in the user interface.

Encryption methods

Fields that use Encryption Support may include:

New or existing Encrypted Text fields.

String, Date, Date/Time, or URL fields included in encrypted field configuration
records.

The Encrypted Field Configurations table [sys_platform_encryption_configuration] contains a
record for each field encrypted with Encryption Support. This table enables a security_admin
to monitor all fields in the instance that uses Encryption Support. On upgrade, encrypted
field configuration records are created for all existing Encrypted Text fields. When a new
Encrypted Text field is added, an encrypted field configuration record is created by
default.

Encrypted field configurations can encrypt fields using one of the following methods.

Method

Description

Single Encryption Context

The field is encrypted with the encryption context defined in the
Encryption context field. Users who do not have the
encryption context cannot view or update field values.

Multiple Encryption Contexts

The field is encrypted with the encryption context of the first user to enter
data. If the user has two or more encryption contexts, the context defined in the
encryption context selector is used. Because the encryption context is set on a
per record basis, fields in a list can have different encryption contexts.
However, within a single record, the field can be encrypted by only one
context.

When an Encrypted Text field is created, an encrypted field
configuration is created with the multiple encryption contexts method. Encrypted
Text fields and fields encrypted with the multiple encryption contexts method
behave the same.

Note: Mass encryption is not available when using the multiple
encryption contexts method.

Access to encrypted data

A user's encryption context determines access to encrypted data. Security_admin users can
grant an encryption context to a user by granting the user an associated role.

To monitor the assignment of roles, the customer or ServiceNow professional services can
set up security measures. For example, an email can be sent to an appointed encryption
manager whenever a role associated with an encryption context is granted to a user.

Note: Impersonation does not change the encryption context available to a user.
Even while impersonating, you have only the encryption contexts available to you
originally.

Access level

Data access to a field using the single encryption context method

Data access to a field using the multiple encryption contexts method

User with no encryption contexts

The form hides the encrypted field. In list view, the field appears blank and
cannot be edited, even if the data in the field is decrypted.

The form hides the encrypted field. In list view, the field appears blank and
cannot be edited, even if the data in the field is decrypted.

User with one encryption context

To use the field, the user must have access to the encryption context defined
in the encrypted field configuration. If the user does not have access to the
encryption context, the form hides the field. In list view, the field appears
blank and cannot be edited.

If there is no data in the field: If the user has access to the
encryption context, the form shows the field (assuming UI policy does not
prevent it). Users with access to the encryption context can view and update
the empty field. Data entered in the field is encrypted with the encryption
context defined in the encrypted field configuration.

If there is data in the field: If the user has access to the
encryption context, the user can view and edit data in the field.

The user automatically uses their encryption context with the encrypted
field.

If there is no data in the field: The form shows the field (assuming
UI policy does not prevent it). Users with any encryption context can view and
update the empty field. Entering data in the field causes the field to use the
currently selected encryption context to encrypt the data.

If there is data in the field: If the user has access to the
encryption context used to encrypt the field, the user can view and edit the
field.

User with two or more encryption contexts

To use the field, the user must have access to the encryption context defined
in the encrypted field configuration. If the user does not have access to the
encryption context, the form hides the field. In list view, the field appears
blank and cannot be edited.

If there is no data in the field: If the user has access to the
encryption context, the form shows the field (assuming UI policy does not
prevent it). Users with access to the encryption context can view and update
the empty field. Data entered in the field is encrypted with the encryption
context defined in the encrypted field configuration.

If there is data in the field: If the user has access to the
encryption context, the user can view and edit the field. The field always
uses the original encryption context to encrypt changes to the field. This
behavior prevents users with two or more encryption contexts from changing the
encryption context of a field.

The user can select an encryption context from the encryption context
selector in the welcome bar.

If there is no data in the field: The form shows the field (assuming
UI policy does not prevent it). Users with any encryption context can view and
update the empty field. Entering data in the field causes the field to use the
currently selected encryption context to encrypt the data. The field always
uses the original encryption context to encrypt changes to the field. This
behavior prevents users with two or more encryption contexts from changing the
encryption context of a field.

If there is data in the field: If the user has access to the
encryption context used to encrypt the field, the user can view and edit the
field. The field always uses the original encryption context to encrypt
changes to the field. This behavior prevents users with multiple encryption
contexts from changing the encryption context of a field.

Filtering and searching encrypted fields

When an Encrypted Text field or a field with an encrypted field configuration applied is
selected as the left operand in a filter, the following operators are available:

is

is not

is empty

is not empty

For Date fields, use the date picker to specify the date:

For Date/Time fields, use the date and time picker to specify the date and time:

If a user with one or more encryption contexts filters for equality or searches for a value
in a list:

Only values encrypted with an encryption context available to the user are
returned.

The operators is empty and is not empty
return all matching records. Fields encrypted with an encryption context not available
to the current user appear blank.

If a user does not have any encryption contexts, no records are returned.

The Show Matching and Filter Out options are
supported in lists. Only exact matches are returned or filtered out.

Note: Adding encrypted fields in condition filters is supported in scripts such as UI
policies and business rules.

Exporting data from encrypted fields

When exporting encrypted fields in a list or form to a file format, only fields encrypted
by an encryption context available to the current user appear in the exported
document.

To disable exports of encrypted data from a list view, add the
glide.encryption.export_encrypted_data.allowed system property and set
the value to false.

Encryption Support provides the ability to encrypt data in an instance. The ability to access encrypted data in a domain depends on a user's role and domain assignments. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.